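/**
 * Render the newsletter subscription widget and, on a valid POST, process it.
 *
 * A submission is processed only when the request is a POST, the widget's
 * field group is present as an array, and \site\utils::check_csrf() accepts
 * the submitted token. A fresh token is stored in the session on every render.
 *
 * Every request-derived value written into the markup is HTML-escaped here,
 * because this function cannot see whether validate_user_data() or the
 * exception messages are already safe for an HTML context.
 *
 * @param string $loc Suffix that distinguishes several widgets on one page;
 *                    it becomes part of the field names and the session key.
 * @return string HTML for the status message (if any) followed by the form.
 */
function newsletter_form($loc = '')
{
    global $LANG;

    $field = 'newsletter_form' . $loc;
    $form = '';

    // Escape for element content and quoted attributes. double_encode is off so
    // that entities already produced upstream are not encoded a second time
    // (NOTE(review): confirm what validate_user_data() returns).
    $esc = function ($value) {
        return htmlspecialchars(
            is_scalar($value) ? (string) $value : '',
            ENT_QUOTES | ENT_SUBSTITUTE,
            'UTF-8',
            false
        );
    };

    // Require the expected shape before touching nested keys: a scalar field
    // group or a non-string token is rejected instead of raising notices or
    // reaching check_csrf() with an unexpected type.
    $submitted = isset($_SERVER['REQUEST_METHOD'])
        && $_SERVER['REQUEST_METHOD'] == 'POST'
        && isset($_POST[$field])
        && is_array($_POST[$field])
        && isset($_POST[$field]['csrf'])
        && is_string($_POST[$field]['csrf'])
        && \site\utils::check_csrf($_POST[$field]['csrf'], $field . '_csrf');

    if ($submitted) {
        $pd = \site\utils::validate_user_data($_POST[$field]);
        try {
            // Anonymous visitors subscribe with user id 0.
            $id = !empty($GLOBALS['me']) ? $GLOBALS['me']->ID : 0;
            $type = \user\main::subscribe($id, $pd);
            if ($type == 1) {
                $email = isset($pd['email']) ? $pd['email'] : '';
                $form .= '<div class="success">'
                    . sprintf($LANG['newsletter_reqconfirm'], $esc($email))
                    . '</div>';
            } else {
                $form .= '<div class="success">' . $LANG['newsletter_success'] . '</div>';
            }
            // Clear the submitted data so the form is not pre-filled after success.
            unset($pd);
        } catch (Exception $e) {
            // The message may echo request data, so it is escaped before output.
            $form .= '<div class="error">' . $esc($e->getMessage()) . '</div>';
        }
    }

    // Issue a new token for the next submission.
    // NOTE(review): confirm \site\utils::str_random() draws from a CSPRNG.
    $csrf = $_SESSION[$field . '_csrf'] = \site\utils::str_random(12);

    // After a failed attempt $pd still exists and the address is shown again.
    $prefill = isset($pd['email']) ? $esc($pd['email']) : '';
    $name = $esc($field);

    $form .= '<form method="POST" action="#widget_newsletter">'
        . ' <input type="email" name="' . $name . '[email]" value="' . $prefill
        . '" placeholder="' . $LANG['form_email'] . '" required />'
        . ' <input type="hidden" name="' . $name . '[csrf]" value="' . $esc($csrf) . '" />'
        . ' <button>' . $LANG['subscribe'] . '</button>'
        . ' </form>';

    return $form;
}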
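<?php
// AJAX newsletter subscription endpoint.
//
// Processes the request only when it is a POST whose `csrf` field matches the
// token stored in $_SESSION['csrf']['ajax_subscribe'], then prints a JSON
// object with `state` ("success" | "error") and `message`. Nothing is printed
// when the check fails.
//
// The previous condition compared the boolean result of isset() with the
// session token using ==, so the submitted value itself was never compared and
// REQUEST_METHOD was only tested for truthiness. Both are now checked
// explicitly.

$posted = isset($_POST['csrf']) && is_string($_POST['csrf'])
    ? $_POST['csrf']
    : '';
$expected = isset($_SESSION['csrf']['ajax_subscribe']) && is_scalar($_SESSION['csrf']['ajax_subscribe'])
    ? (string) $_SESSION['csrf']['ajax_subscribe']
    : '';

if (
    isset($_SERVER['REQUEST_METHOD'])
    && $_SERVER['REQUEST_METHOD'] === 'POST'
    && $expected !== ''
    && $posted !== ''
    && hash_equals($expected, $posted) // constant-time comparison of the two tokens
) {
    $response = array();

    // A missing or non-array payload is passed on as an empty array.
    // NOTE(review): confirm validate_user_data() rejects an empty payload.
    $payload = isset($_POST['subscribe']) && is_array($_POST['subscribe'])
        ? $_POST['subscribe']
        : array();
    $pd = \site\utils::validate_user_data($payload);

    try {
        // Anonymous visitors subscribe with user id 0.
        $id = !empty($GLOBALS['me']) ? $GLOBALS['me']->ID : 0;
        $type = \user\main::subscribe($id, $pd);

        $response['state'] = 'success';
        $response['message'] = $type == 1
            ? sprintf($LANG['newsletter_reqconfirm'], isset($pd['email']) ? $pd['email'] : '')
            : $LANG['newsletter_success'];

        // The token is single-use once a subscription has succeeded.
        unset($_SESSION['csrf']['ajax_subscribe']);
    } catch (Exception $e) {
        $response['state'] = 'error';
        $response['message'] = $e->getMessage();
    }

    // `message` can contain request data and is not HTML-escaped here; the
    // client must insert it as text. The JSON_HEX_* flags keep <, >, &, ' and "
    // out of the raw body in case it is ever interpreted as HTML; decoded
    // values are unchanged.
    echo json_encode($response, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}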